Vers. Mod.: IS02 – Year 2019
Information for the treatment of personal data.
Articles 13 and 14 EUROPEAN REGULATION N. 679/201 6
Leg. 196/2003 as amended by Legislative Decree 101/2018
Dear Navigator ,
the writer PlusUltra Ltd, with registered office in Piazza San Sepulcher 2-20123 Milan ( MI ), and operational headquarters in Via Luppia San Zeno ZI – 35044 Mountain (PD), CF and VAT number 06343870967 , as a “data controller” According to articles 13 and 14 of the European Regulation n. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as indicated below:
1. Object of the treatment
The Data Controller informs you that the personal, identification data (for example, name, surname, company name, address, telephone, e-mail, bank and / or payment references, etc.), hereinafter called “personal data” or even simply “data”, related to you, also acquired verbally directly or through third parties, may be processed in full compliance with the EU Regulation.
By data processing is meant any operation or complex of operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, diffusion, destruction of the data.
If in the existing contract with your company there is a treatment of personal data that we will have to do to comply with what is indicated in the contract itself, it will be your care to provide us with personal data subject to treatment for which you have certainly obtained, as Data Controllers, a free, specific, informed and unequivocal consent from the interested parties.
2. Legal basis and purpose of the treatment
Legal basis EU Regulation no. 679/2016, Legislative Decree n. 196/2003 as amended by Legislative Decree n. 101/2018.
The processing of your personal data, requested and / or verbally provided, is based on the provisions of art. 6 of EU Regulation 2016/679, on your consent or on the legitimate interest of the undersigned Holder to defend your rights in a possible dispute as well as the execution of a contract of which you are a part or the execution of pre-contractual measures (e.g. preparation of an offer, etc.) requested by you and has the following purposes:
A) without your express consent (art.6 of the EU Regulation):
– to fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
– to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the matter of anti-money laundering);
– exercise the rights of the Data Controller, for example the right to defense in court;
– for keeping general accounts;
– for the pursuit of the legitimate interest of the data controller;
– for management purposes (billing, any document management, etc.);
– for credit management;
– for statistical analysis and quality control;
– for insurance management;
– for technical assistance.
In particular, your data will be processed for purposes related to the implementation of the following obligations, related to legislative or contractual obligations:
– Technical and functional access to the site, no data is kept after closing the browser;
– Advanced navigation purposes or personalized content management;
– Statistical and Analysis purposes of navigation and users.
B) Only with your specific and distinct consent (Article 7 of the EU Regulation ), for the following commercial and / or marketing and / or profiling purposes :
– Sends or by e-mail, mail and / or SMS and / or telephone contacts of newsletters, commercial communications and / or marketing of products or services offered by the Holder of the treatment and / or detection of the degree of satisfaction with the quality of what made at your request ;
– sending or via e-mail, post and / or sms and / or telephone contacts of commercial and / or promotional communications from third parties (for example, business partners).
3. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 no. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, blocking. The data processing will be based on principles of correctness, lawfulness and transparency and may be carried out by manual, IT and telematic means, on paper and / or digital media. The treatment will be carried out in order to guarantee the security and confidentiality of the data.
4. Data retention times and other information.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no later than the terms of the Law from the termination of the relationship for the purposes referred to in the existing relationship.
With reference to the personal data being processed for marketing purposes or for processing for profiling purposes, the same will be kept in compliance with the principle of proportionality and in any case until the purposes of the processing have been pursued or until the withdrawal of specific consent by the interested party.
Specifically, the Data Controller will process the data for no more than two years from the collection of data for Marketing Purposes and one year for the data collected for Profiling Purposes.
Data of possible candidates: the personal data of the aspiring candidates will be deleted 6 months after the conclusion of the selection process.
The personal data you provide will be processed ” lawfully, correctly and transparently “, protecting your privacy and your rights.
It should be specified that in the absence of significant contacts for a period of ten years, or in the event of exercise of the rights provided for by the Regulation (EU) for the interested party (e.g. right of elimination / oblivion, of limitation), the transfer of the personal data in a special encrypted and / or paper digital archive (protected archive) making them accessible only to the Data Controller or they will be destroyed without leaving any copies except for different provisions dictated by the Law in force.
It is expected that a periodic annual check will be carried out on the data processed and on the possibility of being able to delete it if no longer necessary for the intended purposes.
5 . Access to data (categories of recipients to whom the data can be communicated)
Your data may be made accessible for the purposes referred to in points 2.A) and 2.B above to the subjects listed below for this purpose duly identified and instructed:
1) to partners, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the treatment and / or system administrators;
Your personal data may also be communicated to the external recipients of the practices that concern you, in carrying out the activities described above, and to the external subjects who interact with the writer, always and exclusively for activities functional to the purposes described above; these categories are:
A . Consultants (such as, for example, accountant and / or tax consultant and / or employment consultant) for aspects that may concern you and in accordance with the law;
B . Companies operating in the IT sector (Data Center, Cloud Provider, companies that provide IT services including back-up and / or maintenance of equipment and software, including applications etc.), also residing abroad, but in any case always established and / or using devices located in the European Union, for the care of data security and confidentiality;
C . Professionals and / or companies operating in the occupational safety sector;
D . Consultants and law firms for any disputes;
And . Public administrations for the performance of institutional functions, within the limits established by law and regulations;
F . Social security and assistance bodies and certification bodies;
G . Insurance companies as well as liquidators, consultants and experts appointed by them ;
H . Business consultants.
The . Public authorities and administrations for the purposes related to the fulfillment of legal obligations or to persons entitled to access them by virtue of legal provisions, regulations, community regulations;
L . Banks, financial institutions or other subjects to whom the transfer of the aforementioned data is necessary for the performance of our business in relation to the fulfillment, on our part, of the contractual obligations assumed towards you.
For brevity, the detailed list of these figures is available at our office and is at your disposal.
6. and 7. Communication and data transfer
Without the need for express consent (Article 6 letter b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in point 2.A above) to supervisory bodies, judicial authorities , as well as to those subjects to whom communication is mandatory by law for the fulfillment of the purposes indicated above.
These subjects will process the data in their capacity as independent data controllers.
Your information will not be disseminated.
Personal data are stored on devices located at the headquarters of the Data Controller or at providers, within the European Union. The data you provide may be transferred to countries outside the EU as we make use of external data processors who carry out their services (such as the provision of e-mail, other types of cloud or other types of services), can carry out this transfer, even through their sub-managers. To ensure the security of these transfers, we only use subjects that offer the necessary guarantees to implement adequate technical and organizational measures so that the processing carried out complies with the provisions of EU Reg. 679/2016 (for example, evaluating the presence of decisions of adequacy or by regulating the relationship using standard contractual clauses).
In any case, it is understood that the Data Controller, if necessary, will have the right to move the data also to non-EU countries. In this case, the Data Controller ensures as of now that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses (the standard contractual clauses are available at the following link: http: // ec. europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm) and standard checks provided by the European Commission (specifically the conditions indicated in CHAPTER V of the EU Regulation will be respected).
Both as regards the data present on its devices, and for any data present at the provider, the Data Controller has implemented adequate technical and organizational measures to guarantee an appropriate level of security, in full compliance with what is indicated in the EU Regulation.
Navigation : your navigation data will be not be transferred in any way.
Since each browser, and often different versions of the same browser, also differ significantly from each other if you prefer to act independently through the preferences of your browser, you can find detailed information on the necessary procedure in the guide of your browser.
8 . Nature of data provision and consequences of refusing to answer
The provision of data for the purposes referred to in point 2.A above is mandatory. In their absence, we cannot guarantee the Services as indicated in 2.A).
The provision of data for the purposes mentioned in the previous point 2.B) is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material and / or anything else related to the Services offered by the Data Controller.
However, you will continue to be entitled to the services referred to in point 2.A).
Some information fields on the website may be marked with the * character. The filling in of these fields is mandatory when entering your data. The consequence of not providing the information is the impossibility of using the service for which the information is requested.
9 . Rights of the interested party
In your capacity as an interested party, you have the rights referred to in articles 15 to 22 of the EU Regulation below and precisely you have the right to:
– obtain confirmation of the existence and processing of personal data concerning him and their written (electronic) copy in a clear and understandable form (so-called right of access);
– obtain information about the purpose of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
– obtain the correction of the data concerning him (so-called right of rectification)
– obtain the cancellation of data concerning him (so-called right to be forgotten);
– obtain the limitations of the treatment (so-called right of limitation of treatment);
– if the data are not collected from the interested party, obtain all the information available on their origin;
– obtain data portability, i.e. receive them from a data controller in a structured format, commonly used and readable by an automatic device and transmit them to another data controller without hindrance (so-called right to data portability);
– oppose the treatment at any time and also in the case of treatment for direct marketing purposes (so-called right of opposition);
– oppose an automated decision-making process relating to natural persons, including profiling;
– withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
– propose a complaint to a supervisory authority (Guarantor for the Protection of Personal Data).
There may be conditions or limitations to the rights of the data subject. It is therefore not certain that for example you have the right to data portability in all cases – this depends on the specific circumstances of the processing activity.
10 . How to exercise your rights
You can exercise your rights at any time by sending:
– a recommended ar to lla writer (see the address indicated in the letterhead) ;
– an e-mail to email@example.com
11 . Minors
What is offered by the Data Controller and object of the relationship with you in place does not provide for the intentional acquisition of personal information relating to minors. In the event that information about children were inadvertently recorded, the Holder of the treatment wash them off in a timely manner, at the request of ll’inter and s sato .
12. Personal data not obtained from the interested party
It may happen that the writer is not the Data Controller to whom you have given your personal data, but it turns out to be co-owner of the treatment or responsible for external processing and therefore your data have reached the writer in the second instance due to of a contract that regulates the parties. In this case it is specified that the writer will do everything possible to ensure that you have been informed and have given consent to the treatment. P OU at any time ask the writer of the acquisition source of your data.
13 . Owner and Distributors
Below we provide some information that you need to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards our staff / collaborators is a fundamental part of our business.
Holder of the treatment . The Data Controller of his personal data is Plusultra srl on whose behalf the Company signs Mr. Marco Koenig , responsible towards him for the legitimate and correct use of his personal data and who he can contact for any information or request at the following addresses: telephone +39 0429 800680, e-mail: firstname.lastname@example.org .
Appointees. The updated list of data processors is kept at the headquarters of the Data Controller.
The Data Controller